Location Privacy and Wireless Body Area Networks

March 23, 2011

Location Privacy and Wireless Body Area Networks

Wireless Body Area Networks can broadcast your location to anybody bothering to listen. Now researchers have a new way to prevent that.

One of the factors that is rapidly changing the nature of healthcare is the increasing availability of wireless sensors that can monitor blood pressure, body temperature, blood oxygen levels and so on. These devices transmit their readings back to a hub, such as a smart phone, which then sends the data to a health care monitoring service.

The benefits of this approach are many. One example is the “virtual ward” in which patients are monitored at home and visited by mobile medical teams when the data shows that it is necessary. That’s generally better for the patients and cheaper for the community that has to pay for it.

One crucial requirement of such a system is privacy since these so-called wireless body area networks will be broadcasting highly personal information. It’s relatively straightforward to protect this data thanks to the many kinds of data encryption algorithms that are available.

But Mohammed Mana at the University of Tlemcen in Algeria and a couple of buddies point out that data privacy is not the only issue at stake. They argue that another important issue is location privacy. They say that even though the data within a wireless body area network is encrypted, it’s still possible to track the location of the individuals simply by tracking the unique hardware addresses associated with the gadgets themselves, which are not encrypted.

Such an attacker doesn’t even have to be particularly nearby. He or she could pick up the signals from a wireless body area network from a distance using ultra sensitive antennas, for example.

Mana and co have a solution, however. Their idea is to make the monitoring devices within a body area network use pseudonyms which constantly change in a way that is hidden from external view. So although an eavesdropper may be able to pick up a temporary hardware address, that would quickly change preventing anybody following it.

Mana and co say their new protocol is light weight and energy efficient, both important factors for networks that are likely to run on limited battery power.

Telehealth is a rapidly growing business that is currently being tested in many countries around the world. The Department of Veterans Affairs in the US, for example, is one of the pioneers. Of course, privacy is crucial for its success–both for patient data and location. So Mana and co’s protocol, or something like it, is bound to find its way into future systems.